Am 01.10.2012 14:15, schrieb Stéphane Gaudreault:
I am not sure what is the best way to fall back to suid root. A possible workaround for the case of installing on a filesystem that does not support capabilities could be something like :
setcap cap_net_raw=ep usr/bin/ping || chmod +s usr/bin/ping
But I think that we will still get into problems if it is installed on a filesystems that support capabilities and if this filesystem is exported on NFS to clients.
If you run the post_install on the host file system and export that via NFS, yes - but we have no way to detect this scenario. IMO, root file systems on NFS are a failure by design anyway - I worked in such a scenario for years and it is a bad bad bad idea. While we should fix easy problems such as this one, we should not spend too much time on making this work.
Any ideas ?
Your solution looks fine, but the message should be silenced with 2>/dev/null.